python
Used for Buffer Overflows and Red Team Scripting.
How I used it
Python is my go-to for exploit development and automation. It’s cleaner than Bash, more intuitive than C, and has libraries for everything I need right out of the box. Plus, the struct and socket modules make writing buffer overflow exploits way easier than trying to reinvent the wheel.
What I use it for
| Category | What I Built | Why Python |
|---|---|---|
| Exploit Development | Buffer overflow scripts (payload crafting, offset calculation, badchar detection). | struct.pack for converting addresses to little-endian bytes, and the socket library for sending exploits. Way easier to use than C. |
| Red Team Tooling | Password crackers and mutators. | Quick iteration on wordlist generation. Faster to prototype than C, good enough performance for CTFs. |
| Automation | Reconnaissance and enumeration scripts. | When I'm tired of typing the same nmap/curl commands 50 times. |
Proof
- Buffer Overflow Prep - Full Python exploit chain
- Brainpan - Custom fuzzer and shellcode delivery
- Vanilla BOF Project - Complete exploit development series
- Curling - Password cracker + mutator combo
Code Snippets I Use Constantly
Socket client (for exploit delivery):

```python
import socket

# Connect to the target service (host, port); create_connection handles the
# address resolution and returns a connected TCP socket.
s = socket.create_connection(('127.0.0.1', 9001))
s.sendall(b'HELLO\n')      # sendall() loops until every byte is written; bytes, not str
resp = s.recv(4096)        # read up to 4096 bytes of whatever the service answers
s.close()
```
Pack addresses (for ROP/shellcode):

```python
from struct import pack

# '<I' = little-endian unsigned 32-bit; use '<Q' for 64-bit addresses
jmp_esp = pack('<I', 0xdeadbeef)   # b'\xef\xbe\xad\xde'
```
What I Learned the Hard Way
Bytes vs strings
Python 3’s bytes/string distinction will bite you if you’re not careful. Always send b'bytes' through sockets, not 'strings'.
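The packing snippet above and the bytes-vs-strings lesson fit together in one helper. The following is an added example, not code from the original post: it assembles an overflow payload with struct.pack and refuses anything that is not already bytes, so the type mistake surfaces before the socket call rather than on the wire. The offset, return address, NOP count and bad-character list are constructed placeholders, and 0xCC (int3) stands in for real shellcode.

```python
"""Assemble an overflow payload with struct.pack while enforcing the bytes-only rule.

Added example, not code from the original post. The offset, address and
bad-character values below are constructed placeholders, not values from any target.
"""
from struct import pack


def pack_addr(addr, bits=32):
    """Little-endian packing of an address: '<I' for 32-bit, '<Q' for 64-bit."""
    fmt = {32: "<I", 64: "<Q"}[bits]
    return pack(fmt, addr)


def check_badchars(data, badchars):
    """Return the sorted list of bad byte values that occur in data."""
    return sorted(set(data) & set(badchars))


def build_payload(offset, ret_addr, shellcode, badchars=b"\x00", nops=16, bits=32):
    """Padding up to the saved return address, packed address, NOP sled, shellcode.

    Every piece must already be bytes. A str that slips in here would either
    raise deep inside socket.sendall() or get silently encoded, which is the
    Python 3 mistake the post warns about, so it is rejected up front.
    """
    for name, part in (("shellcode", shellcode), ("badchars", badchars)):
        if not isinstance(part, (bytes, bytearray)):
            raise TypeError(f"{name} must be bytes, got {type(part).__name__}")

    packed = pack_addr(ret_addr, bits)
    bad = check_badchars(packed, badchars)
    if bad:
        # An address whose bytes include a bad char will be mangled in transit.
        raise ValueError(f"return address contains bad chars: {[hex(b) for b in bad]}")
    bad = check_badchars(shellcode, badchars)
    if bad:
        raise ValueError(f"shellcode contains bad chars: {[hex(b) for b in bad]}")

    return b"A" * offset + packed + b"\x90" * nops + shellcode


if __name__ == "__main__":
    # Constructed placeholders: offset 146, address 0xdeadbeef, four int3 bytes.
    payload = build_payload(offset=146, ret_addr=0xdeadbeef, shellcode=b"\xcc" * 4)
    print(len(payload), payload[146:150].hex())
```

The type check is deliberately strict rather than calling `.encode()` for the caller: an implicit encode hides the bug, and for non-ASCII bytes it produces a different byte sequence than the one you meant.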
Indentation Matters
Multiple spaces and a tab aren’t the same even if they look like they line up. And because they look like they line up, good luck finding the offending line; you are guaranteed to drain both time and sanity trying. Always pay attention to your spacing, because Python treats it as syntax. Or else you might end up as a security researcher named after a cookie, writing a portfolio blog at 3am.
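Python 3 does refuse the ambiguous cases (it raises TabError), but the error points at one line while the real mismatch may be a block earlier. The following added example, not from the original post, scans a source string for lines whose indentation style disagrees with the rest of the file and reports them with line numbers, then shows the TabError Python itself would raise. The sample source is constructed: line 2 is indented with four spaces and line 3 with a tab.

```python
"""Locate tab/space indentation mix-ups before Python's TabError sends you hunting.

Added example, not from the original post. SAMPLE is a constructed snippet
containing the exact mix-up the post describes.
"""
import re

# Constructed sample: line 2 uses four spaces, line 3 uses a tab.
SAMPLE = (
    "def handler(buf):\n"
    "    if len(buf) > 1024:\n"
    "\treturn None\n"
    "    return buf\n"
)


def find_indent_problems(source):
    """Return a sorted list of (line_number, reason) for suspicious indentation.

    Two things are reported: a line whose own leading whitespace mixes tabs
    and spaces, and lines using the minority indentation style in a file that
    indents some lines with tabs and others with spaces.
    """
    problems = []
    tab_lines, space_lines = [], []
    for lineno, line in enumerate(source.splitlines(), start=1):
        lead = re.match(r"[ \t]*", line).group(0)
        if not lead or not line.strip():
            continue  # unindented or blank line: nothing to check
        if " " in lead and "\t" in lead:
            problems.append((lineno, "tabs and spaces mixed in one indent"))
        elif "\t" in lead:
            tab_lines.append(lineno)
        else:
            space_lines.append(lineno)

    if tab_lines and space_lines:
        # Whichever style is rarer is almost always the pasted-in mistake.
        minority = tab_lines if len(tab_lines) <= len(space_lines) else space_lines
        style = "tab" if minority is tab_lines else "space"
        for lineno in minority:
            problems.append((lineno, f"{style}-indented line in a file that mostly uses the other style"))
    return sorted(problems)


def tab_error_message(source):
    """Compile the source and return Python's own TabError text, or None if it compiles."""
    try:
        compile(source, "<snippet>", "exec")
    except TabError as exc:
        return f"line {exc.lineno}: {exc.msg}"
    return None


if __name__ == "__main__":
    for lineno, reason in find_indent_problems(SAMPLE):
        print(f"line {lineno}: {reason}")
    print(tab_error_message(SAMPLE))
```

Run it over a file with `find_indent_problems(open(path).read())`; the minority-style heuristic is what makes the output actionable, since the compiler error alone only tells you where the parser gave up.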
Why Python?
It gives me fast prototyping, quick development, and loads of libraries I can use right out of the box, so I use Python most of the time. That said, I will always stick to the most appropriate tool for the job. Language agnostic, I say. Honorable mention to C: it is also worth learning for exploit development, because it gives you a better understanding of the assembly.